
Need Help ... Can't Find My Network Or Internet


  • This topic is locked
2 replies to this topic

#1 bri_guy


Posted 21 July 2008 - 02:55 PM

SDFix: Version 1.207
Run by Greg Klein on Mon 07/21/2008 at 01:33 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\GREGKL~1\Desktop\SDFix

Checking Services :

Name :
msupdate
ff5f5f7f

Path :
c:\windows\system32\mssrv32.exe
\SystemRoot\System32\drivers\ff5f5f7f.sys

msupdate - Deleted
ff5f5f7f - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\rqRLfFvV.dll - Deleted
C:\176081~1 - Deleted
C:\DOCUME~1\GREGKL~1\LOCALS~1\Temp\Csrssc.exe - Deleted
C:\DOCUME~1\GREGKL~1\LOCALS~1\Temp\winlogan.exe - Deleted
C:\WINDOWS\system32\drivers\ff5f5f7f.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 13:43:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\backup
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr\afd.sys 138368 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr\dnsapi.dll 148992 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr\mswsock.dll 245248 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr\tcpip.sys 360320 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr\tcpip6.sys 225920 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe\6to4svc.dll 100352 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe\afd.sys 138368 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe\dnsapi.dll 147968 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe\mswsock.dll 245248 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe\tcpip.sys 360960 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2qfe\tcpip6.sys 225920 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3gdr
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3gdr\afd.sys 138496 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3gdr\dnsapi.dll 147968 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3gdr\mswsock.dll 245248 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3gdr\tcpip.sys 361600 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3gdr\tcpip6.sys 225856 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3qfe
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3qfe\afd.sys 138496 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3qfe\dnsapi.dll 147968 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3qfe\mswsock.dll 245248 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3qfe\tcpip.sys 361600 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp3qfe\tcpip6.sys 225856 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\spmsg.dll 17272 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\spuninst.exe 231288 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\susdl.rq0 1972 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\branches.inf 926 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\eula.txt 804 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\KB951748.cat 18785 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\spcustom.dll 26488 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\update.exe 755576 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\update.url 5324 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\update.ver 2032 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\updatebr.inf 678 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\update_SP2GDR.inf 21826 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\update_SP2QFE.inf 22863 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\update_SP3GDR.inf 24746 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\update_SP3QFE.inf 24746 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\update\updspapi.dll 382840 bytes executable
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\WindowsXP-KB951748-x86-ENU.psm 4575 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\_downloadprogress_.state 4 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\_unpacked_.state 34 bytes
C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\_usedelta_.state 34 bytes
C:\WINDOWS\SoftwareDistribution\Download\aed8959adbbb790aadece89f40c87b25924c23a0

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 49


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe:*:Enabled:pcAnywhere Host"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\GREGKL~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 19 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
Wed 16 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Wed 16 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Thu 17 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Wed 19 Jul 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 19 Jul 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 19 Jul 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 19 Jul 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 19 Jul 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Wed 16 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Mon 22 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 26 Jan 2005 102,400 A..HR --- "C:\Program Files\ScanSoft\PaperPort\PP92Ocr.exe"
Thu 27 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 18 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Fri 18 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Wed 26 Jan 2005 90,112 A..H. --- "C:\Program Files\Visioneer\OneTouch 4.0\PnP Install\InstallEx.exe"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT5.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT2.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Greg Klein\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Any Help Would Be Great Thanks



#2 Billy O'Neal


Posted 07 August 2008 - 10:19 AM

Hello, bri_guy.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please follow the instructions listed in the Prep Guide located here:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal


Posted 10 August 2008 - 05:08 PM

Hello, bri_guy.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3